Welcome to Splunk Answers, a Q&A forum for users to find answers to questions about deploying, managing, and using Splunk products. Contributors of all backgrounds and levels of expertise come here to find solutions to their issues, and to help other users in the Splunk community with their own questions.

This quick tutorial will help you get started with key features to help you find the answers you need. You will receive 10 karma points upon successful completion!

People who like this

Could you please let us know time is spent on running 1st search by looking at Job inspector? There could be possibility that saved search is not getting triggered. Information about skipped searches could be found from scheduler.log

1 Answer

From the comments in this answer, it appears that map doesn't start it's search until the outer search completes. Because a real-time search never completes, the search triggered by the map command never runs.

So, no. Unfortunately the map command is not supported in real-time searches.